Friday, 23 June 2017

This post introduces a new tool for auditing different components in an organisation, such as Active Directory, SQL Server, Exchange Server and SharePoint.

Before talking about auditing, it is important to understand what auditing is and why an organisation requires it.

An audit is a method of examining and evaluating a process, function or tool in an organisation to ensure it meets its compliance requirements. It can be internal, or external by a 3rd party.

As defined in ISO 19011:2011—Guidelines for auditing management systems, an audit is a “systematic, independent and documented process for obtaining audit evidence [records, statements of fact or other information which are relevant and verifiable] and evaluating it objectively to determine the extent to which the audit criteria [set of policies, procedures or requirements] are fulfilled.”

Auditing is not limited to processes or functions; it is also used to examine and evaluate tools such as the Domain, SQL Server and SharePoint.

You might wonder why an organisation needs to audit tools, what benefits auditing brings, and how tools are audited.

Let’s take the Domain as an example. In large environments, “n” number of object changes happen in Active Directory on a daily basis. It is not easy to track who made which changes or updates in AD. If an employee leaves the organisation, how do you track whether all of their objects/access have been deleted or disabled in AD?

To monitor and track AD, there must be an auditing tool that helps generate reports covering all security & compliance challenges.

Similarly, Group Policy is another example: every day new policies are created & deployed, or changes are made to existing policies. Who created a policy, for what purpose it was created, and when it was created & deployed are not easy to track manually in large environments. Also, rolling back a change made to a policy is not possible unless you have a backup of that policy. If you don’t have a backup, how will you roll the policy back? These are critical challenges which can become a big compliance issue in any organisation.
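The manual checks behind the two challenges above (leaver accounts that are still enabled, and policy changes with no backup to roll back to) look like this in PowerShell. This is an added example, not part of the original post and not LepideAuditor code; it assumes the RSAT ActiveDirectory and GroupPolicy modules are installed, and the 90-day and 7-day thresholds and the backup path are hypothetical values.

```powershell
# Added example, not from the original post. Needs the RSAT ActiveDirectory
# and GroupPolicy modules and read access to the domain.
Import-Module ActiveDirectory, GroupPolicy

# Hypothetical values chosen for illustration.
$InactiveDays = 90
$ChangedSince = (Get-Date).AddDays(-7)
$BackupRoot   = 'D:\GPOBackups'

# 1. Enabled user accounts with no logon in $InactiveDays days: candidates
#    for leaver accounts that were never disabled.
$stale = Search-ADAccount -AccountInactive -UsersOnly -TimeSpan (New-TimeSpan -Days $InactiveDays) |
    Where-Object { $_.Enabled } |
    Select-Object SamAccountName, LastLogonDate, DistinguishedName

# 2. GPOs modified since $ChangedSince. Get-GPO reports when a policy
#    changed, not who changed it; recording "who" needs Directory Service
#    Changes auditing enabled on the domain controllers.
$changed = Get-GPO -All |
    Where-Object { $_.ModificationTime -ge $ChangedSince } |
    Select-Object DisplayName, Id, Owner, CreationTime, ModificationTime

# 3. Back up every GPO into a dated folder so a later change can be
#    rolled back with Restore-GPO.
$target = Join-Path $BackupRoot (Get-Date -Format 'yyyy-MM-dd')
New-Item -ItemType Directory -Path $target -Force | Out-Null
$backups = Backup-GPO -All -Path $target -Comment "Scheduled backup $(Get-Date -Format s)"

# Keep both reports next to the backup they belong to.
$stale   | Export-Csv (Join-Path $target 'stale-accounts.csv') -NoTypeInformation
$changed | Export-Csv (Join-Path $target 'changed-gpos.csv') -NoTypeInformation
"{0} stale accounts, {1} changed GPOs, {2} GPOs backed up to {3}" -f @($stale).Count, @($changed).Count, @($backups).Count, $target
```

Search-ADAccount evaluates the replicated lastLogonTimestamp attribute, which can lag real logons by several days, so treat the stale list as accounts to review rather than a deletion list.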

To overcome such challenges, I will introduce you to a new tool known as LEPIDEAUDITOR SUITE, which audits multiple products, including:

NOTE: LepideAuditor software makes no changes that will impact your Domain in any way. Only required changes (if any) are made, and they are used for collecting the required auditing information from the Domain.

Create a new Group Policy object with any name, as LepideAuditor will not accept making changes in the default domain controller policy:

So, provide the Domain IP & type the new GPO name:

Here, it will ask you to select the Domain components which you want LepideAuditor to audit. You can also click on the tool icon in front of a component to configure the required options:

Click on the icon & configure each policy one by one as shown below:

Schedule the Group Policy Backup settings on a Daily, Weekly or Monthly basis.

Schedule the backup as per your requirement & click OK:

Configure the Active Directory Cleanup Settings, where you have options to set notification & cleanup settings for inactive accounts or for those who have left the organization:

Configure User Password Expiration Reminder Settings:

Once all required settings are configured, click Next & check whether the IP settings are correct for the Domain (if not, change them; otherwise click Next):

Here you have to provide the LepideAuditor database details where all log inventories will be stored:

NOTE: Do check the credentials by clicking Test Connection.

Once all settings are configured, it will ask to restart the software, so click Yes:

Below is the default console for the LEPIDEAUDITOR software:

NOTE: By default, LepideAuditor provides you with a free trial for 15 days. After that, you have to buy a license from LepideAuditor.

EXPLORE CAPABILITIES:

RADAR:

The default Dashboard view, where you have a 360 view or Domain-level view to see status updates on all changes made, based on a custom time period or a particular day, week or month. This view gives you complete information at the AD, Exchange, SharePoint or DB level.

Below are the other dashboard views available:

Changes by Criticality

All Changes by Source

Top Admins

Failed Logon trends

Top modified classes

User with Soon to Expire Password

Actions Performed by Active Directory Cleaner

All Changes Trend

Resource Utilization on Server(s)

Live Feed

If you click on any Changes Dashboard section, it will open the Audit report view, where you can see a report of the changes made, based on required inputs like Component Name, Server Name, Object Name, Who, When etc.

You can also see Compliance Reports, where you have “n” number of reports to check compliance status, like Password Policy Modified, User Expiry Modified etc.:

If you want to restore a previous backup of Active Directory objects or Group Policy, LepideAuditor provides this capability as well. Click on the Restore tab and provide the required details to restore to the previous state:

HEALTH MONITORING:

Here you can see the complete health status of all servers, which includes:

Server Availability

CPU & Memory Usage

Active Directory Services

ESENT Database Performance

Active Directory Web Service

DFSR Replicated Folders

Replication Status

LDAP Status

Address Book Status

Directory Service Status

NTDS Performance Counters

DNS Performance Counters

And so on…

ALERTS:

Here you can view auditing alerts & health monitoring alerts for all AD, DB, Exchange Server, Group Policies and SharePoint:

SETTINGS:

Configure settings as per your requirements:

LICENSE INFORMATION:

Here you can see the license information. If you don’t have a license key, click on the Request License button. This will download a License Request File, which you have to email to the LepideAuditor Team (sales@lepide.com). The Lepide Sales Team will generate a key & share it with you by email. Once the key is available, click on Activate License & provide the license key: